Mac App Store Failure

One of our goals for version 3, was to address a user-request to get Espionage into the Mac App Store (MAS). We thought we succeeded in this, but it looks like this was only a momentary success. Apple’s June 1st sandboxing deadline hit, and we thought we were safe because we were already in the store, but this turns out to be not true. Apple didn’t make this very clear, but they’re preventing non-sandboxed applications from receiving feature updates in the MAS. So all non-sandboxed apps in the MAS are essentially “dead in the store”.

We’re unable to sandbox Espionage because of a bug in Apple’s operating system (rdar://10419391), and we have a feeling they won’t fix this bug anytime soon. Since we’re not able to update Espionage in the MAS anymore, we’re going to have it removed from the store.

We’re asking users who purchased Espionage in the store to switch to the non-MAS version of Espionage, and to contact us using the following instructions so that we can send you a license to it. If you purchased Espionage in the MAS, please read these instructions before switching to the non-MAS version of Espionage.

How To: Switch to non-App Store version of Espionage 3

Step 1: Locate your copy of Espionage in the Applications folder and then right-click (control-click) on it, and choose Show Package Contents:

Step 3: Visit this link and enter your information. Click ‘Choose File’ (Safari) or ‘Browse’ (Firefox) and select the receipt file on your Desktop. Then click Submit. Your Espionage 3 license will be emailed to the address you provided, so make sure there are no typos.

Step 4: After you receive an email with your license, download Espionage 3 from its website, and replace your copy of Espionage with it. Then register it with the license you received. Don’t replace your copy of Espionage until you receive your license.

That’s it!

We apologize for the inconvenience that has been caused by this situation. On the bright side, we no longer have to wait for Apple’s approval to release updates to Espionage, and 3.0.1 will be released shortly.

34 thoughts on “Mac App Store Failure”

And on the bright side, you’ll be able to re-implement application associations… maybe?!
Since you are no longer under the freaky control of apple, that would be a good way to regain your customer base and make everyone happy 🙂

We’re still on the fence about application associations. It’s possible to bring them back now, but remember that we had multiple reasons for removing them. Some of the changes that Apple made in Lion make it difficult for us to support application associations, especially their sandboxing of data.

For example, an application can have its data in one location, but then the developer chooses to sandbox their app and suddenly OS X will move the app’s data to another location. This type of situation makes application associations a risky and difficult feature to support. We’re still mulling over whether to do it or not.

@Franklin: if you follow the instructions you’ll see that you first use the script to get a new license, then you replace your copy of Espionage with the one from our website. Replace it automatically “gets rid” of the MAS version, so you don’t need to delete anything. I’m not sure what you mean by a new password, if you mean the password to unlock Espionage, no, you don’t need to do anything with that, it will be the same.

@Ross: backups were necessary for Espionage 2 because of the way it moved the disk image that contained the encrypted data around, but since Espionage 3 no longer does that, built-in backups are no longer necessary. Time Machine and any other backup system you use is best to backup Espionage’s data now. See Espionage’s help on backups:

Greg – Im not worried about the data – Im sure thats safe. I understand why Apple is requiring sandboxing – much as it is a pain to developers – Im asking if because the application is not sandboxed and thus has access to all (or many) system functions, is the software vulnerable to malware that could latch on and thereby infect my system.

I think the encryption espionage placed on the sparse bundles is bomber. Just curious if apple is paranoid or if there is legitimate risk.

To me at least, application associations are important, and was one of the reasons I purchased Espionage. I want Mail, and OmniFocus, and Skype data encrypted and managed automatically, and when I quit the app, I want the disk auto-locked.

So now, I hope those can come back. Add some warnings if you need to, or only if you check the “Advanced” box or something, but it was/is an important functionality for me.

I’m deeply disappointed. I for one was pleased with Espionage 3 being available through the MAS, partly because I assumed that it was sandboxed. I’ve been a satisfied customer of Espionage 2 and I was excited by the improvements in 3, but I now do not relish having to tinker with the set up again & losing the MAS support. I can’t help but feel that there’d been one or two things that you might have explained a little bit more explicitly when you suggested users to upgrade to Espionage 3.

@CJ: the fact that Apple has a sandbox for some apps, and not for others, means, in my opinion, that very little has changed in terms of the fundamental security of the system. A piece of malware doesn’t necessarily need any other application to “latch onto” to do its dirty work, it can simply do it itself. I can send you a program that deletes your whole Home directory if you run it. Apple’s sandboxing doesn’t have anything to do with that. If Apple forced all apps to be sandboxed that would be different, but without a huge change to their OS they can’t do that without creating a lame operating system that can’t run useful software. Sandboxing protects against a certain class of attacks, like opening malformed documents sent over the internet that have found an exploit in some document format (like a malformed PDF file, or a bug in Flash via a sandboxed Safari).

For apps that don’t have much to do with the opening of documents possibly retrieved from the internet, sandboxing doesn’t mean much. At that point it’s more of a safety for Apple to prevent malware from entering its store due to one of their app reviewers missing some clever piece of code. Before, a bad app on the store, could, theoretically have deleted your home directory after say a month of inactivity, or searched your mac for some piece of data to send back to its mothership. Now they can’t do that. Yippee. For established developers with software that can’t get into the store, it simply doesn’t mean much. They wouldn’t do that (as it’s against their business interest and reputation) and customers know that and have been fine with it since computers have been around.

Greg. That makes a lot of sense. Thanks for clearing that up for me. I obviously wouldn’t expect YOU as a developer to include malicious code – I just wasn’t sure if somehow an update could be hacked and have malicious code attached to the email – or someone could fictitiously distribute an espionage 3 update that could then infect the application. But theoretically that “could” happen with any application, and as you said, most applications are not sandboxed anyway. I guess thats even more reason to only download straight from the taoeffect website.

Either way, you’ve thoroughly answered my question. Thank you.

PS – What is that little anchor symbol on the bottom left of the ‘inspector’ box? Is it intended to have any useful purpose? Just curious.

@Ryan: that’s allowing the command ‘hdiutil’ to run in the sandbox. Espionage needs that command to manipulate the disk images. We were kinda shocked when we discovered that of all the command line tools on OS X in /usr/bin, *that* was the one that didn’t work in the sandbox.

Im sure I can look this up but since your guys started this post, can someone explain to me what exactly sand boxing is?

I read the previous post on some of its benefits and so im thinking its basically just a way to make sure apps are contained within a package are not spread all over the operating system – is that right?

“its basically just a way to make sure apps are contained within a package are not spread all over the operating system – is that right?”

@Michael: no, it’s the act of running an application in “its own environment”. It separates the application more from other apps and the system as a whole. It limits what the application can do, like what files it can open, what functionality it can access. You can Google it for more info.

Just wanted to add a belated vote of support for finding ways of restoring application association, to whatever extent’s technically feasible, now that you’re no longer constrained by the app store. I get that this is a technical challenge, but it’s a key reason that I originally chose Espionage, and I’m sure the feature would make a huge difference for many considering their options.

@Ram: click the wheel icon in the bottom right of the window and see if there’s a menu item that says “Enter License…” if there is, then you don’t need to do anything, if there isn’t, then you purchased it through the mac app store and need to follow the instructions in the post.